Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
508
Views
0
Helpful
4
Replies

new internet circuit for remote FTD managed in FMC

Lee Dress
Level 1
Level 1

‎09-13-2023 07:46 AM

One of our remote sites is getting a new internet circuit that will require me to change the outside IP address of the FTD at that site.

both circuits will be active during the change.

is it possible to change the outside interface address, subnet, and default route via FMC, deploy, then move the interface over to the new circuit?

Ive read a lot of conversations that say I need to de-register and re-register, but that would cause a large disruption and need to reapply all policies, nat, etc.

 

 

0 Helpful
4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

‎09-13-2023 09:53 AM

If you Migrating from one ISP to Another ISP, the IP address space changed.

Safe method is to configure Locally changing the IP and re-register with FMC

yes you need to check the Objects associated with IP and make necesary  new Objected changes and policies before you change the IP.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Lee Dress
Level 1
Level 1

‎09-15-2023 08:10 AM

I'm going to lab this and see if it can be done easier than unregistering. 

I will post my results here. 

0 Helpful

Lee Dress
Level 1
Level 1

‎09-15-2023 12:30 PM

This worked. 

I changed the outside interface address to an address on the new circuit and changed the default route to the router on the new circuit.   I chose save, then hit deploy. 

I monitored "show network" on the console of the device until the IP address changed, then moved the outside interface of the FTD to the new circuit.  the only thing I did after that, was in Device Management / Device, I changed the IP Address in the Management tile to the new address.  it seems to have worked without issue.  it was just a matter of timing. 

LeeDress_0-1694806195441.png

 

0 Helpful

AHack210
Cisco Employee
Cisco Employee

‎09-17-2023 07:42 AM - edited ‎09-17-2023 07:44 AM

Nice work! Depending on your code version, you can also change the outside IP address from CLI on the FTD now. You can fire off the wizard using the CLISH command on the FTD

 

 

> configure network management-data-interface
Data interface to use for management: ethernet1/1
Specify a name for the interface [outside]: internet
IP address (manual / dhcp) [dhcp]: manual
IPv4/IPv6 address: 10.10.6.7
Netmask/IPv6 Prefix: 255.255.255.0
Default Gateway: 10.10.6.1
Comma-separated list of DNS servers [none]: 208.67.222.222,208.67.220.220
DDNS server update URL [none]:
Do you wish to clear all the device configuration before applying ? (y/n) [n]:

Configuration done with option to allow FMC access from any network, if you wish to change the FMC access network
use the 'client' option in the command 'configure network management-data-interface'.

Setting IPv4 network configuration.
Network settings changed.

>

 

 

OOB connection in the case of a goof is always recommended. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card